Bitcoin is the currency of the Internet: a distributed, worldwide, decentralized digital money. Unlike traditional currencies such as dollars, bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. As such, it is more resistant to wild inflation and corrupt banks. With Bitcoin, you can be your own bank.

Community guidelines

Do not use URL shortening services: always submit the real link.

Begging/asking for bitcoins is absolutely not allowed, no matter how badly you need the bitcoins. Only requests for donations to large, recognized charities are allowed, and only if there is good reason to believe that the person accepting bitcoins on behalf of the charity is trustworthy.

News articles that do not contain the word "Bitcoin" are usually off-topic. This subreddit is not about general financial news.

Submissions that are mostly about some other cryptocurrency belong elsewhere. For example, /r/CryptoCurrency is a good place to discuss all cryptocurrencies.

No referral links in submissions.

No compilations of free Bitcoin sites.

Trades should usually not be advertised here. For example, submissions like "Buying 100 BTC" or "Selling my computer for bitcoins" do not belong here. /r/Bitcoin is primarily for news and discussion.

Please avoid repetition — /r/bitcoin is a subreddit devoted to new information and discussion about Bitcoin and its ecosystem. New merchants are welcome to announce their services for Bitcoin, but after those have been announced they are no longer news and should not be re-posted. Aside from new merchant announcements, those interested in advertising to our audience should consider Reddit's self-serve advertising system.

Non-Bitcoin communities

Join us on IRC

Other Bitcoin sites

Download Bitcoin Core

Bitcoin Core is the the backbone of the Bitcoin network. Almost all Bitcoin wallets rely on Bitcoin Core in one way or another. If you have a fairly powerful computer that is almost always online, you can help the network by running Bitcoin Core. You can also use Bitcoin Core as a very secure Bitcoin wallet.

Style sheet credits

We previously collected donations to fund Bitcoin advertising efforts, but we no longer accept donations. The funds already donated will be spent on some sort of advertising, as intended. (10.35799117 BTC spent so far.)

I really need to lose it, because I keep withdrawing my Bitcoins... I really need to do something about really not being able to use them in a long run.

How to do it? I see 5 ways all of which sounds crazy for me:

MultiSig - some person who's not allowing me to spend my Bitcoins. Such person will have the 2nd private key without which I won't be able to transfer my funds. Not studied yet how does it works and how easy or hard to set it up

nTimeLock - this thing sounds pretty silly to me since I have to meet too much conditions - 1) trust that protocol won't be changed in 5 years, then 2) should destroy sending wallet's private key 3) should save all the transaction raw data. Too much conditions - too complicated

Digital Time Capsule: creating such a password hash which could be broken only with technologies of 2019th (have to rely on how much precise I can predict the GPU's power). This method will require from me purchasing good GPU videocard to do it which could cost around $500. So this is pretty expensive method and in case if I will want some urgency, there's a chance that I'll spend that $500 to meet decrypt my own cypher.

Trusting third party to store that private key for me (but they can lose it or disappear - then what I do?)

Offline Time Capsule: Dig it somewhere Physically - at the places where I won't want to go during 5 years. Sounds stupid.

All I need is an address where I could send all of my savings + without ability to touch them for a very long time (approx. 5 years or longer).

I hope to find some very easy way to forget this private key.

And I keep wondering - isn't there any reliable way to perform this? I am even ready to pay now so that I could get guaranteed way of not touching my savings for 5 years and so that I has no need in spending my savings for such a long time.

Why don't you pick up the phone, make some arrangements with the bank, and fly a couple copies of your paper wallet down to Quito. Put them in the safety deposit box. Pre-pay for seven years. Breathe easy (if you can - it's a very altitudinous city).

I'm not trying to be a prick here, but if you can't afford to do this little jaunt, you have by definition invested more than you can afford to lose in a seven-year wild gamble on internet funny money. Consider it an arbitrary benchmark, this trip to Ecuador.

Get arrested for something.
Try to make sure the exchanges you use don't accept your ip.
Encrypt it with an algorithm that your pc would take 7 years to crack.
Invest in mining equipment and electricity fees and mine your bitcoins back with an expected break even of 7 years.
Genetically manipulate a cactus to grow in the shape of your private key and that takes 7 years to mature.
Throw your private key in a scorpion pit that holds scorpion food for 7 years, when the scorpions have died, retrieve key.

The reason is why I want to create such lock and ready to spend my time on it is because I want to stay both overexposed and still want to have an ability to save, but now in a forced mode - it is like paying to your pension fund - which in many cases can accept your deposits, but can't let you withdraw those funds.

This forced powers are way cooler than everybody think - this is the same reason why many people still buy many products with credit, because credit gives them opportunity to delay payment, then use force to make themselves pay by huge price.

As a strong believer in a Bitcoin protocol, I'm gonna believe in two things:

1) nTimeLock

2) Cryptographical estimation of the pwds bruteforce, i.e. Time Capsule.

This is two most important things to save my money.

I believe most people don't get rich in Bitcoins, not because they have a weak will, but because they didn't even brought their intentions to be bold about their investment.

Now from the quality of implementation of this thing will depend how long my investment will last and I'm better on hoping on this solution, than on my mind where I prefer to left some space for some creativity.

FYI I am already spent all of my Bitcoins, and I already had full bitcoin which was spent for stupid stuff which seemed important and vital back few months ago. That's why I don't understand those 12 people who downvoted probably my best life's intention

It takes only 30 minutes of making wrong decisions to ruin the months or maybe years of hardwork. I can't guarantee that such 30 minutes won't appear in my life, especially when I know that there's too much emotional things on which I spare my attention. I can't cut myself from having those creative intentions. And at the same time Bitcoin is too important to get overwhelmed by any of those creativity.

Long-term discipline with me is impossible.
It takes only 30 minutes of making wrong decisions to ruin the months or maybe years of hardwork.
I can't guarantee that such 30 minutes won't appear in my life

you pretty much gave yourself the solution: learn to make better decisions.

If you spend/sell bitcoins just buy more next time you have the cash. Be frugal, and don't over spend your paycheck, as every dollar you waste is a dollar you could've spent on bitcoins.

i'm sorry, but if you think that rules about withdrawing your money from a retirement/savings account are actually good, because you can't stop yourself from withdrawing, then you really need to get a grip on your self-control. you can lie to everyone in the world, but don't lie to yourself.

I will PM you a message so you don't forget about the comment or thread later on. Just use the RemindMe! command and optional date formats. Subsequent confirmations in this unique thread will be sent through PM to avoid spam. Default wait is a day.

I will PM you a message so you don't forget about the comment or thread later on. Just use the RemindMe! command and optional date formats. Subsequent confirmations in this unique thread will be sent through PM to avoid spam. Default wait is a day.

I have several ideas with varying risk factors and ethical implications.

Make a long private key that you can't remember and break it into 4-5 pieces, then set a series of delayed emails to send you those pieces in seven years. There are services you can use like Email Alibi, but who knows how long they will be online. There is a way to delay emails with gmail/outlook as well, but you would know the passwords to your account and be able to cave.

Load it into an encrypted paper wallet then put it in a safe at your closet grandparents house. Ask them to leave it there and write you in their will as the beneficiary.

Shave the top of your head and get a tattoo of your private key QR code. Get a hat and let your hair grow in.

You could always try being less of a pussy. Buy a refurbished beater laptop, put your wallet in cold storage, hide the laptop in darkest room in your residence.

I love the question and I'm still dissatisfied with these answers. I've wondered the same thing myself. I don't like the password cracking solutions because a person with sufficiently poor self-control could continue to add on hardware to increase the hashrate to crack the password early.. or make it so secure that the crack doesn't come in a reasonable time.

Can someone discuss the feasibility of ntimelock?

Is there a service that would hold a 2of2 key for a specified period of time?

The problem with ntimelock is that you have to keep your raw data for the transaction, and also you must destroy your private key from which you've sent the transaction. You theoretically still have opportunity to double-spend your ntimelocked funds if you haven't destroyed your private key from the wallet from which you've sent ntimelocked funds, because inputs are still belonging to that wallet. Transaction will occur only on the event when nTimeLock raw data will be executed after the specified ntimelock.

I'm think the digital time capsule is greater, because its easier to setup than nTimeLock, even though nTimeLock would be better solution.

The greatest independent solution of course would be combining 2 methods:
- Digital Time Capsule - e.g. ability to bruteforce during 1 year using reasonable amount of hardware. That's for sender privatekey. You have to create around 100 private key pairs upfront, so that you could slowly use them to deposit funds there, then destroying those private keys, relying only on bruteforce data and ntimelock raw transactions dumps saved to be executed on time.
+ nTimeLock itself in combination with Digital Time Capsule which applies to sender wallet. And all of the nTimeLock raw transactions are directed to one wallet, private keys of which won't be stolen.

So, you will have 100 sender wallets with Time Capsule key pairs which you will destroy after usage.
Also you will have accessible not destroyed very well known private key from your recipient wallet, where you'll expect to receive funds after ntimelock event, once you'll push raw transaction data into the Bitcoin network.

I'm actively studying this topic right now, once I'll come up with solution, I think I will open a web-site helping others to use this open techniques to save their Bitcoins.

/u/Natanael_L just gave you your answer. I'll try to explain why it works:

A p2sh transaction doesn't contain the output script, just a hash of it.

This means the network cannot know how the transaction will be unlocked, and it will simply always be accepted into the block chain.

When you try to spend the coins, you have to provide the output script. This transaction will be rejected unless the lock time has expired.

In other words: this allows you to send your coins to an address, while being unable to get them out until the time has expired.

Edit: For the record, this does not require multisig. You can do this 100% by yourself.

Edit2: Alas, my theory seems to be incorrect. I mistakenly assumed nLockTime was part of the output. It is not, so I no longer believe this works. Let my mistake be forever engraved onto the history of the internet.

by the way, this is what i did last year to help me hodl through the bubble. i had the urge to sell at $300, so i bip38 encrypted the private key and send it using slow international package shipping (sea, ~2months) to my relative overseas. I also used nLocktime to prepare a transaction in case the mail got lost.

Buy a baby rabbit, and put the private key in a small capsule that your vet can implant behind the rabbits shoulder blades. Rabbits live about 6-8 years. Once your companion bunny dies, make a small incision and remove the capsule with the key.

People do this with trust accounts all the time. Find a few lawyers who are clued up on tech, do m of n multisig that requires your key + one other, then have each of them sign an agreement to only release their keys after X date.

Actually by Private Key I meant anything which could be used as a key to my wallet.

But I plan not to encrypt the Private Key, but I will encrypt the password from my wallet.dat. That will mean that I'll also have some hash like 0x8348918757f28b8238c21898742df898327ab8 which will mean "09348573821983473" password, which will take to guess only 365 days - and once you'll find out that the hash 0x8348918757f28b8238c21898742df898327ab8 matches "09348573821983473" password, you'll finally find out the way to open my wallet.dat.

But you won't be able to open my wallet.dat, because you know only my hash for my password, and you may not have an access to my wallet.dat - so I'll keep my wallet.dats secure.

Time-Lock Puzzle is a Digital Time Capsule. It is created in an instant and requires set amount of computations to unlock it.

The main difference is that it can only be solved by one thread/core, so you only need a fast one-core CPU to unlock it. Additional CPU's/GPU's won't make the process any faster. It means, that if you want to protect your BTC's for 7 years you'd cut on a power bill compared to multi-core solution [such as password brute-force proposed by /u/ThePiachu]. It also means, that you couldn't "cheat" and get the keys faster by renting a datacenter.

So you could benchmark your CPU, create a Time-Lock Puzzle with a difficulty of 7 years, start computing, and 7 years from now you'd have your private key back. But because you'd need to write a solution by yourself I highly discourage it.

It seems your issue is simply a lack of willpower. Specifically, you do not have the willpower to hold your coins.

So turn that weakness into a strength.

Put your private keys somewhere that would require willpower to access: somewhere geographically inconvenient for you would work, provided that place is also secure.

One option might be a safe deposit box at a branch of your bank that is several hours away (if they let you). If you want to avoid banks, you might consider a private vault.

Heck, you could even rent a PO Box somewhere far away from your home, mail the private key there, and just pay the bills on the box for the next 7 years without ever taking the mail out.

Likewise, a public storage place might have something small for document storage. I encourage you to explore your options.

If you choose something like a bank or PO Box, you'll certainly know about it ahead of time in the event they shut down, and you can just move your private keys somewhere else at that point. Or better yet, store multiple copies in several locations for redundancy.

(Maybe needless to say, but encrypting your private keys before storage is recommended.)

The advantage here is that if you really need your coins to the point where you'll drive many hours to get them, you have that option. But at the same time, you'll be less subject to impulsive withdraws because of that drive. And if you ever do head out one night to retrieve your keys, you'll have plenty of time to think about the wisdoms of your actions before arrival.

Just generate a private address on bitaddress.org, print a paper wallet, scan the public QR code, send your bitcoins there, then give the paper wallet to a friend of yours and tell him to only return the wallet to you if you present him with a picture of your naked ass and to make him talk you out of it if it hasn't been 7 years.

The trouble of going to your friend's place and scanning in the paper wallet, plus the embarrassment, will probably let you be comfortable with not using those bitcoins for years for small stuff... although if bitcoin does completely crash, or it goes up by 100x in 4 years and you want to buy a house or something, it wouldn't be a big deal.

This is what I was thinking. You could bruteforce faster with many machines in parallel, but then that would cost you more money to do so.

One way I thought of to do this was make your passphrase from a large number + random chars, eg (1402394334432 + abcxyzblahblahblah). Then delete all traces of the number, but keep the random chars somewhere safe. Now to spend these coins, you basically have to start at (1 + abcxyzblahblahblah) and keep incrementing until you find the money.

That number was only an example, and would only take 1 second to bruteforce if you had 1.4 TH/s capability. You'd need to use a VERY large number. I guess it would be a challenge to get the timing right; too big and you might be waiting 700 years for payday. Too small and you might get it in 7 hours. In addition, you'd have to completely forget what number you used, otherwise you could kind of cheat and just start off guessing at 1 trillion as a bit of a shortcut.

Because else someone other than yourself could just check the hash of 1, 2, 3, 4, etc. until they get YOUR money. The chars part is like your password... keep that part very safe and secure (and very long and random).

If you succeed, you will voluntarily take upon yourself a 7 years of daily emotional torture and quite possibly nightmares due to extreme anxiety. This is ESPECIALLY true if you are thinking about "encapsulating" significant amount. Think about it... You are talking severe self punishment here.

that wold be the best-case scenario. But it also could be "oh, thanks for flowers, 5 years ago when he was dying he was talking about some private key he was supposed to keep for you, but we searched all his belongings and found only a few keys from his cabin, and one from an old car, but nothing else. Also recently we disposed of his papers including this weird looking blocky thing he had, looks like a barcode but with squares"

Why not just put the key into a deposit box? If I doubted my self-discipline I might shard the key with "m-of-n" shamir's secret sharing. Destroy the original, send the shards to my friends/family. Tell each shard-holder to not return the shard to me under any circumstance until 2019. For example, you could send 10 shards, and require a minimum of 5 to reconstitute the key.

This would be like giving 10 (n) keys to top members of the military, and making a machine that would only launch the missiles if 5 (m) people inserted and turned their keys at the same time. 5 of the key-holders could die our lose their keys, but you could still fire the missiles, and 5 of them would all have to betray you to fire without authorization.

Choose m and n carefully, train the shard-holders, and do the sharding offline.

I have a buddy who's a believer but can't keep em either, those dice get the best of him when he's in a manic mode. Burnt through over 60 BTC, then 10 more a few months after. This was early 2013 so not 'that' valuable at the time. It goes without saying, he has a few regrats.

Since then I've setup a BIP38 paper wallet for him to send to, pass phrase is a Samir(sp?) 2 of 3 split key. He has one part, I have one and his girlfriend has one. He of course trusts us and unless he has a damn good emergency, they're secure.

Take that economists. We aren't hording bitcoins this guy can't stop spending them.

What you want is to Make a time lock wallet. Basically the blockchain will have in it a message that says on such and such day send funds from an existing wallet to an other one. So if I understand right you can have it so you delete the private key of current bitcoins but hold the private key of an other address that after X amount of solved blocks will send the bitcoins to the address you hold. This way you can't spend the coins but it is still yours. Also if someone else gained access to that private key they couldn't take your bitcoins until the time the funds are sent to you.

nTimeLock. It isn't so complicated, you can keep your private key with you safely, you won't be able to spend it anyway.

Bitcoin developers are not going to change the protocol in any way that results in nTimeLock being unspendable. It might be removed in a few years, but that will just let everything be spendable, you will never lose the coins.

I remember when I was 12 I had the same spending habits. Then I gave my bank card to my grandma and told her not to give it to me until I would be able to afford a Nintendo GameCube. You can try something similar or just grow up and have some discipline

Delete the last twenty (or so) bits of your private key. This will require you to brute-force it to find your money later, with a million possibilities to check. It's not a ton, and can easily be done programmatically. But presumably those hurdles will be just enough to help you resist temptation.

Or, another alternative that I saw on reddit:

Create a 10+ question questionnaire, with simple answers, like what was the name of your elementary school, what was your best friend's last name in high school, what name is on your birth certificate, what is your social security number, etc. Make sure that the answers are simple and absolutely unambiguous (so include hints to your future self, like "7 letters, all lower case", "include the dashes in my social security number", etc.). append all the answers together (specify whether it's with or without spaces), and create a brain wallet (offline). Never print the key - just the bitcoin address.

Print out your instructions (make sure they are VERY specific, clear instructions to your future self), and hope you remember all your answers in 7 years. Again, nothing stops you from raiding it in 5 years, but hopefully it's a hurdle that helps your self-control.

I don't understand why you're dismissing nTimeLock. It's the most effective and has the fewest variables. "Should destroy the sending wallet's private key" is not a complicated step, nor is "should save all transaction data". As for "trusting the protocol" enough: If you don't trust the protocol, who cares what they're worth in 7 years?

Best of all, and unlike the other methods: you can more easily "test it out" with a small amount of coin for a small period of time, to make sure the method you've chosen is effective and well-planned.

Get a paper wallet. Encrypt private key. Bury the wallet in a location known to you. Generate random password for the encryption. Split pass into 4 segments give each to a different friend to bury somewhere different. Get them to write clues on a sheet. Bury clues with paper wallet.

You can use Peter Todd's Timelock. It involves placing a bounty and you have to make sure that bounty hunters will be sufficiently incentivized to eventually complete their computational work. If the bitcoin exchange rate goes down too much unlocking it might become unprofitable and pause unless/until the exchange rate goes up again. You can solve that issue by simply sending more bitcoins to the bounty addresses though. Another consideration: the accuracy of the time interval you set depends on the limited growth of scalar processing technology. You can only be sure about the maximum amount of time it would take.

You could use this to lock a bitcoin wallet file or private key. You would have to make sure that you don't save the secret unlocking it and the wallet/private key itself, but only the locked (encrypted) file. You publish the Timelock definition and watch the blockchain as bounty hunters make their way towards finding the secret which you can then use to unlock the file.

You can't involve another person in the long term, as they may die. You cannot use technology as your plans can be foiled be future unknowns.

I recommend the following solution that would probably take you a couple of weeks to complete:

Create a paper wallet private key and do not take a picture of it. Cut the private key into three pieces. Do not make any copies

Ask three friends to help.

Have each friend create three copies of each private key value along with its private key order and write it on a piece of paper immediately.

Have each friend put the private key value and its order in a regular old plastic bottle like a 5 hour energy bottle.

Have each friend create a scavenger hunt for all private key values, and write down the instructions on paper.

Take the instruction papers and put it in a safe deposit box.

Why this would work:

There are three copies of each key value, significantly reducing the risk of losing key values.

No single person, except you originally had the whole key.

It is a pain in the butt to do scavenger hunts, you won't even start until your stash makes it worth your while.

If you do lose some of the keys you will still be able to unlock your wallet because you likely will only lose a couple in the worst case scenario.

You will video the whole experience and potentially make public your scavenger hunt as a national television series, making more money on the television show scavenger hunt than you would finding your own stash of coins.

While I don't actually know how to do this, you can put your coins in one address, sign a transaction to another address you have the private key for, for 7 years from now and then burn or delete the original private key.

That transaction will only be valid in 7 years, and until then you won't be able to access your coins.

I would be careful about that- you have to save that transaction because if you broadcast it today, it will no longer be in any memory pool of any miners 7 years from now and you will have to resubmit it.

Here's a way to future proof your key retrieval without trusting anyone and even a way to get them back in a real emergency

www.passguardian.com !
Split your private key into several pieces (2-99) with a threshold number of pieces needed to decrypt your private key.
Split the key into 4 'key' pieces with a threshold of 2 needed to decrypt. Each keypiece (very long string of alphanumeric) is useless on its own. Only when 2 of the 4 are used together can you decrypt your private key.

Set up 4 delayed email services to send emails to you after desired time. Each email service only holds 1 piece so cannot steal your coins, unless they collude. As the string piece each email company holds is gibberish and gives no indication of what information it holds or where other pieces are hidden it is near impossible to do so.
The use of 4 email services protects against some of the services going out of business before your time limit expires, or any other problems. Eggs in many baskets!

In case you change your email address etc. each delayed email provider could also send it's keypiece to friends. Each friend would also only hold one keypiece so could not steal from you. Keep the identity of the other friends with keypieces secret or use people that don't know eachother so they couldn't collude either.

Passguardian uses a well known algorithm called Sharmir's sharing scheme, so even if pass guardian ceases to exist you can still get your private key back!

This method is also useful for backing up cold storage paper wallets

You could even use 6 keypieces and keep 2 of them somewhere difficult to get to so they can be retrieved in an absolute emergency.
E.g save each of the emergency pieces at two different friend's houses and make a big fuss about how you'll never need them or something so it's really embarrassing to go back and ask for it. A deterrent unless you have a VERY good reason to get them

As everybody is saying, creating an nLockTime tx and then destroying the private key after you sign it is the best way to go. It's unlikely the protocol will hardfork to where an old style valid tx won't be valid in the future. You could also split your private key up using Shamir's Secret Sharing and give a share to each of your friends and family as an emergency backup -- but you might be tempted to retrieve the backup early. I also like the time lock puzzle idea.

Actually, this is a good idea (maybe not to him, specifically, but in general.) If all they are going to be doing is sitting around for 7 years, find a way to make them work. Ie, invest them with some way (this is the part you'd have to investigate) that guarantees a payment of your current bitcoins plus a little interest in 7 years time. Think of it like the equivalent of a savings bond... you just need to find someone who can use the money now and that you trust to pay back within 7 years.

No it's not. Sometimes it is rational to trust your current self more than 5 years worth of future selves and so you look for some way to precommit.

This is an interesting question given the background beliefs about Bitcoin that many of us hold: That one coin could be worth 30k in five years and that many people on this forum would have been better off with this kind of precommitment covering the past few years.

I think I will use scrypt to encode my password, because right now I can't use GPU to bruteforce scrypt, but maybe in future it will be possible to use GPU.

I will calculate my password length according with how long our current best CPU's are able to bruteforce for 365 days. Any help with that would be appreciated.

Actually I'm not sure yet if scrypt is such an algorhythm that will ever have GPU support, do you have any better idea than scrypt? (I need some more common way of encryption which will have GPU support in future for sure - that's as a worst-case scenario protection for myself)

I'm not asking for troubles, I trust in cryptography and piece in the world. What's the problem if I won't be able to access my Bitcoins during the year...

Litecoin is mined with scrypt. It has gpu support and is getting ASICs. I still think what you described above is a horrible idea where you could lock your self out of your coins permanently. Don't do it.

by using this service I've found out that it will take 289 days to crack my 17 digits password without any characters - only digits.
I'm going to do this, because it takes commitment to run computer's GPU for 289 days.
Do you think its a good idea?

another problem I'm facing is inconsistency of power consumption which may occur - so I need some GPU cracking tools which are able to save their decryption results during such long period of time as 289 days.

I'm not expecting anyone to fix that for me. I will fix it and create lock myself, I will build a bridge above you, or I'll tunnel underneath you, because in cryptography I trust! But your help is appreciated along the way. This is very serious topic.